Loading services/mediacodec/Android.mk +2 −1 Original line number Diff line number Diff line Loading @@ -21,6 +21,7 @@ include $(CLEAR_VARS) # seccomp is not required for coverage build. ifneq ($(NATIVE_COVERAGE),true) LOCAL_REQUIRED_MODULES_arm := mediacodec.policy LOCAL_REQUIRED_MODULES_x86 := mediacodec.policy endif LOCAL_SRC_FILES := main_codecservice.cpp LOCAL_SHARED_LIBRARIES := \ Loading @@ -47,7 +48,7 @@ LOCAL_INIT_RC := android.hardware.media.omx@1.0-service.rc include $(BUILD_EXECUTABLE) # service seccomp policy ifeq ($(TARGET_ARCH), $(filter $(TARGET_ARCH), arm arm64)) ifeq ($(TARGET_ARCH), $(filter $(TARGET_ARCH), x86 x86_64 arm arm64)) include $(CLEAR_VARS) LOCAL_MODULE := mediacodec.policy LOCAL_MODULE_CLASS := ETC Loading services/mediacodec/seccomp_policy/mediacodec-x86.policy 0 → 100644 +69 −0 Original line number Diff line number Diff line # Copyright (C) 2017 The Android Open Source Project # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. read: 1 mprotect: 1 prctl: 1 openat: 1 getuid32: 1 writev: 1 ioctl: 1 close: 1 mmap2: 1 fstat64: 1 madvise: 1 fstatat64: 1 futex: 1 munmap: 1 faccessat: 1 _llseek: 1 lseek: 1 clone: 1 sigaltstack: 1 setpriority: 1 restart_syscall: 1 exit: 1 exit_group: 1 rt_sigreturn: 1 ugetrlimit: 1 readlinkat: 1 _llseek: 1 fstatfs64: 1 pread64: 1 mremap: 1 dup: 1 set_tid_address: 1 write: 1 nanosleep: 1 # for attaching to debuggerd on process crash socketcall: 1 sigaction: 1 tgkill: 1 rt_sigprocmask: 1 fcntl64: 1 rt_tgsigqueueinfo: 1 geteuid32: 1 getgid32: 1 getegid32: 1 getgroups32: 1 getdents64: 1 pipe2: 1 ppoll: 1 # Required by AddressSanitizer gettid: 1 sched_yield: 1 getpid: 1 gettid: 1 Loading
services/mediacodec/Android.mk +2 −1 Original line number Diff line number Diff line Loading @@ -21,6 +21,7 @@ include $(CLEAR_VARS) # seccomp is not required for coverage build. ifneq ($(NATIVE_COVERAGE),true) LOCAL_REQUIRED_MODULES_arm := mediacodec.policy LOCAL_REQUIRED_MODULES_x86 := mediacodec.policy endif LOCAL_SRC_FILES := main_codecservice.cpp LOCAL_SHARED_LIBRARIES := \ Loading @@ -47,7 +48,7 @@ LOCAL_INIT_RC := android.hardware.media.omx@1.0-service.rc include $(BUILD_EXECUTABLE) # service seccomp policy ifeq ($(TARGET_ARCH), $(filter $(TARGET_ARCH), arm arm64)) ifeq ($(TARGET_ARCH), $(filter $(TARGET_ARCH), x86 x86_64 arm arm64)) include $(CLEAR_VARS) LOCAL_MODULE := mediacodec.policy LOCAL_MODULE_CLASS := ETC Loading
services/mediacodec/seccomp_policy/mediacodec-x86.policy 0 → 100644 +69 −0 Original line number Diff line number Diff line # Copyright (C) 2017 The Android Open Source Project # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. read: 1 mprotect: 1 prctl: 1 openat: 1 getuid32: 1 writev: 1 ioctl: 1 close: 1 mmap2: 1 fstat64: 1 madvise: 1 fstatat64: 1 futex: 1 munmap: 1 faccessat: 1 _llseek: 1 lseek: 1 clone: 1 sigaltstack: 1 setpriority: 1 restart_syscall: 1 exit: 1 exit_group: 1 rt_sigreturn: 1 ugetrlimit: 1 readlinkat: 1 _llseek: 1 fstatfs64: 1 pread64: 1 mremap: 1 dup: 1 set_tid_address: 1 write: 1 nanosleep: 1 # for attaching to debuggerd on process crash socketcall: 1 sigaction: 1 tgkill: 1 rt_sigprocmask: 1 fcntl64: 1 rt_tgsigqueueinfo: 1 geteuid32: 1 getgid32: 1 getegid32: 1 getgroups32: 1 getdents64: 1 pipe2: 1 ppoll: 1 # Required by AddressSanitizer gettid: 1 sched_yield: 1 getpid: 1 gettid: 1
